Lucene search
K

5 matches found

CVE
CVE
added 2026/05/01 8:34 p.m.14 views

CVE-2026-39804

The vulnerability CVE-2026-39804 affects Bandit (Elixir) WebSocket permessage-deflate handling. The function Elixir.Bandit.WebSocket.PerMessageDeflate.inflate/2 calls :zlib.inflate/2 without an output size cap and materializes the full decompressed payload into a single binary, while max_frame_si...

8.2CVSS5.9AI score0.00625EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.10 views

Bandit 安全漏洞

Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. A security vulnerability exists in Bandit versions 0.5.9 through 1.11.0 and earlier, which stems from an unrestricted resource allocation when WebSocket permessage-deflate compression is enabled, whic...

8.2CVSS5.8AI score0.00625EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/23 3:13 p.m.9 views

Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem

Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.1 Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-lengt...

9.8CVSS6AI score0.0115EPSS
Exploits2Affected Software1
Debian CVE
Debian CVE
added 2026/03/12 8:27 p.m.4 views

CVE-2026-2229

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

7.5CVSS7.5AI score0.00874EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/12 8:8 p.m.4 views

CVE-2026-1526 undici is vulnerable to Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression

The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit...

7.5CVSS5.8AI score0.0115EPSS
Exploits0References4
Rows per page
Query Builder